const config = uniCloud.importObject('config');

exports.main = async (event, context) => {
  //云函数中验证请求来源，防止跨站请求伪造（CSRF）
  /*  const {
      referer
    } = event.headers;
    if (!referer || !referer.startsWith('https://api.next.bspapp.com')) {
      throw new Error('非法请求来源');
    } */

  try {
    // 通过云对象获取 clientSecret
    const {
      clientSecret: clientSecret
    } = await config.getClientSecret();

    // 返回包含 CORS 头的响应
    return {
      statusCode: 200,
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Content-Type': 'application/json'
      },
      data: {
        code: 200,
        message: 'success',
        clientSecret: clientSecret
      }
    };
  } catch (err) {
    return {
      statusCode: 500,
      headers: {
        'Access-Control-Allow-Origin': '*',
        'Content-Type': 'application/json'
      },
      data: {
        code: 500,
        message: err.message
      }
    };
  }
};